This is our Privacy Notice and this sets out the basics. In some cases you may have an additional documents – contract, agreement, terms – with more details specific to you.


This Privacy Notice applies to

Adapt Consulting Company Limited. Registered 121355 RC 23 May 2016

Also to Thinking Feeling Being

Also to Tim HJ Rogers

La Belle Hougue, Belle Hougue Avenue,La Grande Route Des Sablons, Jersey, JE3 9BL (UK)

Hereafter referred to as ACC-TFB-TR

This Privacy Notice sets out how the we deal with your personal data. We take privacy and security of your information seriously and will only use such personal information as set out in this privacy policy or agreed in a contract with you.

The headings below follow the requirements set out in Data Protection (Jersey) Law 2018 Article 12 Information to be provided to data subject (Para 4)


Information which is collected will be the responsibility of the ACC-TFB-TR who will act as data controller in relation to any personal data. If you have any questions in relation to this policy or data protection please contact the Data Processing Representative (DPR)


When visiting our website we collect basic contact information about you for the purpose of telling you about ACC-TFB-TR or our services, for example to send a brochure or arrange a visit.

For Clients/Customers

We hold confidential information necessary for us to be able to provide services. For example, this includes information for contact, delivery and billing. We provide a full description of that data and our safeguards in our contract with you and can accommodate special requirements where necessary, for example only using your platform so that no date ever leaves your control.

For Suppliers

We hold confidential information necessary for us to be able to commission and pay for services.

For Followers

We use products like Mailchimp to provide a newsletter subscription service in all cases you can subscribe or un-subscribe according to your preferences.



When visiting our website we collect basic contact information which you submit using our on-line forms. This is used to be able to respond to information request about products or services. If you do subscribe to any services you can also unsubscribe. You can do this via an unsubscribe option at the bottom of emails, or contact us

Social Media

Some customers connect with us via Social Media, in which case we will follow the “rules” of that platform which include giving you the option to unlike, unfollow, unfriend or disconnect (depending on whether you are using LinkedIn, Twitter, Instagram, YouTube or something else)
Provision of Products and Services

We offer a variety of products and services including…

Project and Change Management

During our work with you, we might need to handle information about individuals involved in the project, such as team members and key stakeholders. You have the control to decide what information we can access throughout our partnership.

In certain projects, you may opt to provide us with specific tools such as laptops, phones, secure folders, or cloud storage. This is to ensure that your data remains within your control, safeguarded by the appropriate people, policies, and technology. This method is strongly advised to maintain strict confidentiality and protect data effectively.

Typically, for the duration of our work together, you will act as the “controller” of any project-related data, meaning you’ll oversee how this data is managed. We will serve as the “processor,” handling the data according to your instructions. If you don’t specify your requirements, we’ll proceed with utmost care, ensuring the confidentiality and protection of your data.

If needed, we can outline the specifics of the data involved and the protections we use in our agreement with you.


ACC-TFB-TR does not currently use “Google Analytics” cookies on our website, but we may do in the future for tracking purposes. A cookie is a small text file that a website saves onto your device when you visit the site. It enables our website to remember your actions and preferences over a period of time, so you don’t have to keep re-entering them when you come back to the site or browse from one page to another. It makes your experience with us more seamless.

Typically pages use cookies to remember:
• Your display preferences, such as colour settings or font size.
• If you have already replied to any pop-ups that appear so that you won’t be asked again;
• If you have agreed (or not) to our use of cookies on this site;

Any videos embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited.

Enabling these cookies is not strictly necessary for the website to work, but it will provide you with a better browsing experience. You can delete or block these cookies through your browser, but if you do that some features of this site may not work as intended. The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.


We need to know information about you to be able to provide products and services. We only use personal-data where there is a *legitimate interest* in doing so. In most cases beyond early introductions or information requests we will agree a *contract* which sets out the terms by which we will work, including data protection.
We rarely do direct marketing. If we ever do decide to do newsletters, mailings or anything like that we will seek your consent. This means you will be invited to opt-in, but you can opt-out. This may be as simple as sending an email, or we might use a subscribe / unsubscribe form.


Unless otherwise specified on contract or agreement, information is only for the purposes of our products and services. Where we work for the Government of Jersey we are bound by their Freedom of Information FOI, and will act in accordance for Government of Jersey contracts.
However we never share data unless there is legislation or regulation or express agreement to do so.


We have no automated decision making or profiling of personal-data.


Data is gathered on the basis of…

Legitimate interests

The processing is necessary for the purposes of legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed. For example we monitor technology for the purposes of security, which is a legitimate business need. Generally (unless otherwise specified on contract or agreement) the legal basis for processing data is legitimate interests since data is necessary for the purposes of providing information, products and services.


The processing is necessary for –
(a) the performance of a contract to which the data subject is a party; or
(b) the taking of steps at the request of the data subject with a view to entering into a contract.


Where our processing is based on consent (eg for optional newsletter or sports and social activity), you may withdraw your consent by unsubscribing from the service or emailing us. In the case of Social Media you may unfriend, unlike, unfollow, or otherwise remove the connection.
In summary: we need to know information about you to be able to provide services and only use personal-data where there is a legitimate interest in doing so


We will retain your personal data for as long as necessary to fulfil the purpose for which it was collected.
As a guide, we keep contractual documents for 10 years, and for most other things we remove 1 year after your last interaction with us. So if we don’t hear from you for a year we remove your data (unless we need to retain it for legal or regulatory reasons)


We use up-to-date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss.

The security measures we have in place include:
1. Policies All staff adhere to the Acceptable use policy.
2. Training There is a mandatory Data Protection training for all the new staff and annual updates for existing staff.
3. Physical Security/Access Permissions There are access controls to all data held which are appropriate to staff requirements. To ensure security in the work place staff have their own access key for perimeter doors to prevent unauthorised access.
4. Destruction process All personal data is securely removed after it has reached the retention period. Paper waste is sent to secure disposal in designated confidential waste bins.
5. Encrypted email Can be used for email data transfer outside of the network

As noted above, if you prefer us to use your systems and follow your policies and procedures we are happy to do that.


Our Systems and Sites
Your information will only be accessed and processed by authorised who are directly involved in the management and administration of your business, or the provision of products or services and have a legitimate need to access your information.
Generally (unless otherwise specified on contract or agreement) no data is shared with any other organisation, except with explicit agreement.
Where we work for the Government of Jersey we are bound by Freedom of Information FOI, and will act in accordance for Government of Jersey contracts. However we never share data unless there is legislation or regulation or express agreement to do so.

Third party websites

Users may find plug-in’s or other content on our site that links to the sites and services of our business partners, suppliers and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our site.


We operate in Jersey. However we do use technology which may transfer data to another jurisdiction, for example use of Microsoft and Cloud-based back-up of data (eg Office 365 and MS-Teams)

Where such transfers do not offer the same level of protection of personal data as may be enjoyed within Jersey or the EU (for example United States) we will ensure that your data is appropriately protected (for example by reference to IT security standards)

GDPR and Jersey Data Protection Law is a key consideration when selecting a service provider and we seek those that demonstrate that they will keep data private, safe and secure by reference to ISO27001, Cyber Essentials or other similar standards. If the use of Microsoft Office, GMail, Hootsuite, Zoom, Otter is a concern for clients we can work on the client site, using client systems, and no data will leave the client site. In such circumstances we will operate under the client data-protection, information security or other relevant standards as an explicit term of the contract.


Under the GDPR, and Jersey Data Protection Law individuals will have the right to obtain:
• The purposes of the processing;
• The categories of personal data concerned;
• The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• Where the personal data are not collected from the data subject, any available information as to their source;
• The existence of automated decision-making, including profiling and the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

More details can be found here and here


If you have any questions in relation to this policy or data protection within please contact us

If you would like to make a complaint to the Information Commissioner, or learn more about data protection in Jersey please visit their website at

The Commissioner is an independent statutory authority, with a mission to promote respect for the private lives of individuals through ensuring privacy of your personal information. Please bear in mind that the Office of the Information Commissioner (OIC) as referred to in this Policy and on our website is that in the Bailiwick of Jersey and not the United Kingdom.